Loading ...
Sorry, an error occurred while loading the content.

Specifying a transport for bounce messages

Expand Messages
  • Stan Hoeppner
    ... 110% correct. ... Exactly. Most MAIL FROM: addresses in spam are forged. Bouncing spam messages after you receive them merely creates outscatter
    Message 1 of 3 , Oct 1, 2009
    • 0 Attachment
      Wietse Venema put forth on 10/1/2009 12:34 PM:

      > The REAL mistake in your setup is that you forward SPAM into gmail.
      > This causes gmail to treat your machine as a SPAMMER, and may affect
      > legitimate mail that you do want to receive.

      110% correct.

      > You must NEVER bounce SPAM to the sender address, because in most
      > cases that is not the sender.

      Exactly. Most MAIL FROM: addresses in spam are forged. Bouncing spam
      messages after you receive them merely creates outscatter
      http://en.wikipedia.org/wiki/Backscatter_(e-mail), and makes your MX a
      spam source in the eyes of receivers. You need to reject all spam (or
      as much as possible) at the inbound SMTP stage on your Postfix MX.

      Welcome to the world of spam fighting Jose. It's probably as important
      as any other aspect of running an MX host in 2009 and beyond. You need
      to implement some basic anti spam/UCE controls on your Postfix MX asap.
      Adding the following to your main.cf and restarting Postfix would be a
      good place to start immediately:

      disable_vrfy_command = yes

      smtpd_client_restrictions =
      reject_unknown_reverse_client_hostname

      smtpd_helo_required = yes
      smtpd_helo_restrictions =
      reject_non_fqdn_helo_hostname,
      reject_invalid_helo_hostname,
      reject_unknown_helo_hostname

      smtpd_recipient_restrictions =
      permit_mynetworks,
      reject_unauth_destination,
      reject_rbl_client zen.spamhaus.org,
      reject_rbl_client dnsbl.sorbs.net,
      reject_rbl_client bl.spamcop.net,
      reject_rbl_client psbl.surriel.com

      This is just a basic setup and will help kill most of the spam you're
      currently receiving. As time passes and more spammers get ahold of the
      email addresses at your domain, you'll need to implement additional
      measures. There is plenty of Postfix antispam/UCE documentation
      available on the Postfix website and other places easily found with
      Google. There are also many antispam mailing lists you could join to
      gain knowledge and experience on the subject as well. Probably the
      first thing you should look at implementing is Postgrey:
      http://postgrey.schweikert.ch/

      If you can, install the version available through your operating
      system's package management system, instead of manually installing all
      the components from the Postgrey website.

      Hope this gets you off to a good start.

      --
      Stan
    Your message has been successfully submitted and would be delivered to recipients shortly.